CLAIMS 

What is claimed: 

1 1 . A method comprising the computer implemented steps of: 

2 sorting a plurality of data items belonging to a superset of data items; 

3 deriving a plurality of ranges using adjacent pairs of data items in said sorted 

4 plurality of data items as endpoints such that all data items in said plurality 

5 of the data items are at endpoints of said plurality of ranges and such that 

6 all other data items in said superset fall in-between the endpoints of said 

7 plurality of ranges; 

8 generating a hash tree having leaf nodes that represent the plurality of ranges; 
Q 9 digitally signing a root node of the tree; and 

10 electronically transmitting said digitally signed root node and parts of said tree 

rr 1 1 onto a network for use in cryptographically demonstrating whether a given 

12 data item is one of said plurality of data items. 

O 1 2, The method of claim 1, wherein said step of generating said tree includes the step 

rU 2 of: 

O 3 forming leaf nodes from endpoints of said plurality of ranges. 

1 3. The method of claim 2, wherein said step of generating said tree includes the step 

2 of: 

3 forming an adjacent pair of leaf nodes from different endpoints of one of said 

4 plurality of ranges. 

1 4. The method of claim 1, wherein said step of generating said tree includes the step 

2L of: 
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3 forming each of a plurality of the leaf nodes from the endpoints of a different one 

4 of said plurality of ranges. 

1 5. The method of claim 1, wherein said plurality of data items identify digital 

2 certificates sharing an attribute. 

1 6. The method of claim 5, wherein said attribute is that the digital certificates are 

2 revoked. 



1 7. The method of claim 1, wherein said plurality of data items identify digital 

S 2 signatures. 

y| 

H 1 8. The method of claim 1, wherein said plurality of data items identify digital 

£ 2 signatures on binary code. 



1 9. The method of claim 1, wherein said plurality of data items identify revoked 

2 credit cards. 

1 10. A method comprising the computer implemented steps of: 

2 receiving a request message requesting whether a first data item is one of a 

3 plurality of data items belonging to a superset of data items; 

4 selecting a range that is derived from^ie^air of data items in said plurality of data 

5 items that defines the smallest range that includes said first data item, 

6 wherein the first data item is not one of the plurality of data items if the 

7 first data item is in-between the endpoints of the selected range, and 

8 wherein the first data item is one of said plurality of data items if said first 

9 data item is on one of the endpoints of the selected range; 
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determining, for a tree having leaf nodes that represent ranges derived from 

adjacent pairs of said plurality of data items in a sorted list of said plurality 
of data items, a path through said tree from said selected range to a first of 
a set of root nodes; and 
generating a response message that includes, 

data identifying said selected range in said response message, 

a set of nodes in said tree such that each node in said set of nodes and at 

least a previously identified node on said path can be combined to 

identify a previously unidentified node on said path, until said first 

root node is identified, 
the set of nodes and excluding at least certain nodes on the path from the 

response message, and 
a digitally signed representation of the first root node in said response 

message; and 

electronically transmitting the response message onto a network. 

11. The method of claim 10, wherein the endpoints of the selected range are 
independently hashed and then hashed together to generate a node in the tree. 

12. The method of claim 10, wherein each leaf node specifies one of one range, an 
endpoint of one range, a hashed range, and a hashed endpoint of one range. 

13. The method of claim 10, wherein said plurality of data items identify digital 
certificates sharing an attribute. 

14. The method of claim 13, wherein said attribute is that the digital certificates are 
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1 15. The method of claim 10, wherein said plurality of data items identify digital 

2 signatures. 

1 16. The method of claim 10, wherein said plurality of data items identify digital 

2 signatures on binary code. 

1 17. The method of claim 10, wherein said plurality of data items identify revoked 

2 credit cards. 

y 1 18. A method comprising the computer implemented steps of: 

U"i 2 electronically transmitting a request message as to whether a first data item is one 

M= 3 of a plurality of data items belonging to a superset of data items; 

m 

=p 4 receiving a response message that includes, 

Ul- 

s 5 a digitally signed representation submitted to be a root node of a tree 

£==^. 

ry 6 having leaf nodes that represent ranges, the ranges derived from 

5=^ 7 adjacent pairs of data items in a sorted list of said plurality of data 

^ 8 items, 

9 data identifying the range that includes said first data item, and 

10 a set of nodes in said tree sufficient to generate said root node starting 

1 1 from said range; and 

12 determining if said first data item is one of said plurality of data items based on 

13 said range, wherein the first data item is not one of the plurality of data 

14 items if the first data item is in-between the endpoints of the selected 

15 range, and wherein the first data item is one of said plurality of data items 

16 if said first data item is on one of the endpoints of the selected range; and 

17 generating said root node using said range and the set of nodes; and 
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determining if said digitally signed representation matches said root node. 

19. The method of claim 18, wherein said set of nodes includes nodes that together 
with a node on a path from the range to the root node can be used to generate a next node 
on the path, but excluding at least some nodes that are on the path. 

20. The method of claim 18, wherein said step of receiving the response message 
includes the step of: 

generating a node in said tree from the range that includes the first data item and 
another range identified in said response message. 

21. The method of claim 18, wherein each node in said set of nodes and at least a 
previously identified node on a path from the range to the root node can be combined to 
identify a previously unidentified node on said path, until said root node is identified. 

22. The method of claim 18, wherein each leaf node specifies one of one range, an 
endpoint of one range, a hashed range, and a hashed endpoint of one range. 

23. The method of claim 18, wherein said plurality of data items identify digital 
certificates sharing a attribute. 

24. The method of claim 23, wherein said attribute is that the digital certificates are 
revoked. 

25. The method of claim 18, wherein said plurality of data items identify digital 
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1 26. The method of claim 18, wherein said plurality of data items identify digital 

2 signatures on binary code. 

1 27. The method of claim 18, wherein said plurality of data items identify revoked 

2 credit cards. 
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